fix malware problems free will even tell you that there is no htaccess in the wp-admin/ directory. You can put a.htaccess file if you wish, and you can use it to control access to the directory by IP address or address range. Details of how to do that are available on the internet.
Truth is, there is really no way, if your own site is targeted by a master of this script. Everything you are about to read below are some measures you can take address to minimize the threat to an acceptable level. Odds are a hacker would prefer choosing another, helpful resources easier victim if your WordPress site is well protected.
You must create a new user before you can delete the default admin account. To do this go to your WordPress Dashboard and click on User -> Create New User. Enter all of the information you will need to enter.
BACK UP your website frequently and keep a copy on your computer and off-site storage. For those who have a website, back up every day. You spend a lot of time and money on your website, don't skip this! Is BackupBuddy, no back up plugins, widgets, your files and database. Need to move your site this will do it!
Implementing all the above will probably take less than an hour to finish, while creating your WordPress website more immune to intrusions. Over 1 million WordPress websites were cracked this past year, you could look here largely due to easily preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.